Telegram Flaw Targets Crypto Users With Russian Miners
A new flaw in Telegram messaging – and quite possibly in other platforms as well – flips the displayed text of a shared file name to mislead users. The flipped text suggests that the user is being sent an image file, for example – but in reality, the file is anything but. In an example given this morning by the folks at Kaspersky Lab at Securelist, an attacker might send what appears to be a PNG file, but when it's opened, it turns out to be an executable JavaScript file – of the malicious sort.
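The flipping described above relies on an invisible Unicode control character: the Securelist write-up identifies it as the right-to-left override (U+202E), which makes everything after it render reversed, so a name stored as "…gnp.js" is shown as "…sj.png". The following is an added example, not code from the article or from Kaspersky: a small checker that flags file names carrying bidirectional control characters, recovers the true extension, and approximates what a naive viewer would have seen. The sample file name, the executable-extension list and the first-order rendering are all assumptions of this example.

```python
import unicodedata

# Bidi classes of the explicit directional controls. A file name containing any
# of them can be rendered in a different order from the characters actually
# stored, which is how an executable can masquerade as an image.
# (Assumed set for this example, not taken from the article.)
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

# Extensions that run code when opened; illustrative, not exhaustive.
EXECUTABLE_EXTS = {"js", "jse", "vbs", "exe", "scr", "bat", "cmd", "com", "ps1", "jar", "sh"}


def _strip_controls(text: str) -> str:
    return "".join(ch for ch in text if unicodedata.bidirectional(ch) not in BIDI_CONTROL_CLASSES)


def inspect_filename(name: str) -> dict:
    """Report what a viewer may have seen versus what the file name really ends in."""
    controls = [
        (i, unicodedata.bidirectional(ch), f"U+{ord(ch):04X}")
        for i, ch in enumerate(name)
        if unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES
    ]
    # The true extension is whatever follows the last dot once the
    # invisible control characters are removed.
    stripped = _strip_controls(name)
    true_ext = stripped.rsplit(".", 1)[1].lower() if "." in stripped else ""
    # First-order rendering: text after a right-to-left override is drawn
    # reversed. Real bidi layout is more involved; this is only an approximation.
    rlo_pos = next((i for i, cls, _ in controls if cls == "RLO"), None)
    if rlo_pos is None:
        apparent = stripped
    else:
        apparent = _strip_controls(name[:rlo_pos]) + _strip_controls(name[rlo_pos + 1:])[::-1]
    return {
        "controls": controls,
        "true_extension": true_ext,
        "apparent_name": apparent,
        "suspicious": bool(controls) and true_ext in EXECUTABLE_EXTS,
    }


if __name__ == "__main__":
    # Constructed sample: stored as "photo_high_re<RLO>gnp.js", shown as "...resj.png".
    for sample in ("photo_high_re\u202egnp.js", "holiday.png"):
        print(repr(sample), "->", inspect_filename(sample))
```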
All exploitation cases detected by Kaspersky thus far were in Russia – but there's no good reason why they wouldn't work anywhere in the world. Mac users are listed first in this document, but Windows users were more recently added to the vulnerability list. UPDATE: Telegram has been informed and the vulnerability apparently no longer occurs in Telegram's products – JUST so long as your Telegram app is updated. Make sure you update as soon as possible!
Who this affects: Mac users, mostly. Anyone who has an Apple computer can be exploited with this particular trick. It is not yet known whether all Windows PCs are safe from this attack – so keep your guard up if you're in that category, too.
This attack has targeted, and will continue to target, cryptocurrency (Bitcoin and others) users and traders, since Telegram is very popular in those crowds right this minute. It's a perfect point of attack because these users have several plausible targets on their machines. They could have a powerful GPU, or a whole mining station that could be taken over. They could have files in which their Bitcoin wallet(s) are listed with passwords. They could have a whole lot of very valuable information a malicious party might want.
What can this attack do? The better question might be to ask what it CAN'T do, since it's essentially a voluntary launch of software that gives a malicious party access to your computer. In the Securelist report, several scenarios are shown where anything from cryptocurrency miners to information-stealing tools is executed through Telegram.

What you should do: Beware of any file sent to you directly in Telegram. If a file is sent by a party you do not know personally, make certain you do not accept it. If you have already accepted such a file and absolutely must open it, try a preview first – or make sure you've got verified developer protection on. If you have no idea what verified developer protection is, you've more than likely already got it switched on. It's an opt-out sort of deal.
If you've already launched a file downloaded from Telegram that was sent by a person you did not know – well – you might be in trouble. If that's the case, I'd recommend you just change all your passwords and reset your computer completely. But maybe bring it in to a specialist to have a closer look first.